
CVE-2025-21897: Vulnerability in the Linux kernel (sched_ext)

Severity: High
Type: Vulnerability
Published: Tue Apr 01 2025 (04/01/2025, 15:26:49 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance()

a6250aa251ea ("sched_ext: Handle cases where pick_task_scx() is called without preceding balance_scx()") added a workaround to handle the cases where pick_task_scx() is called without preceding balance_scx(), which is due to a fair class bug where pick_task_fair() may return NULL after a true return from balance_fair(). The workaround detects when pick_task_scx() is called without preceding balance_scx() and emulates SCX_RQ_BAL_KEEP and triggers kicking to avoid stalling.

Unfortunately, the workaround code was testing whether @prev was on SCX to decide whether to keep the task running. This is incorrect as the task may be on SCX but no longer runnable. This could lead to a non-runnable task being returned from pick_task_scx(), which causes interesting confusions and failures. e.g. A common failure mode is the task ending up with (!on_rq && on_cpu) state which can cause potential wakers to busy loop, which can easily lead to deadlocks.

Fix it by testing whether @prev has SCX_TASK_QUEUED set. This makes @prev_on_scx only used in one place. Open code the usage and improve the comment while at it.

AI-Powered Analysis

Last updated: 06/30/2025, 10:26:49 UTC

Technical Analysis

CVE-2025-21897 is a vulnerability in the Linux kernel's scheduler extension (sched_ext) subsystem, specifically in the pick_task_scx() function. The scheduler is responsible for managing task execution on CPUs and allocating CPU time efficiently and fairly. The flaw lies in how pick_task_scx() selects a task when it is invoked without a preceding call to balance_scx(), the function that normally balances run queues: because of an incorrect check on the task's state, pick_task_scx() may return a task that is not actually runnable.

The earlier workaround decided whether the previous task (@prev) should keep running based on whether it was on SCX (the sched_ext class). A task can be on SCX yet no longer be runnable, so that check lets pick_task_scx() return a non-runnable task. The system can then enter an inconsistent state, such as a task marked as not on a run queue (!on_rq) while still being on a CPU (on_cpu), which is logically contradictory. Such a state can cause would-be wakers of that task to busy loop, leading to CPU resource exhaustion and possible deadlocks.

The fix refines the check so that @prev is only kept if it is actually queued (has SCX_TASK_QUEUED set), which prevents non-runnable tasks from being scheduled and removes the subtle deadlock and livelock conditions the previous logic could cause. No exploits are known in the wild. The affected Linux kernel versions are those containing the workaround commit a6250aa251eacaf3ebfcfe152a96a727fd483ecd. The issue is a low-level kernel task-scheduling defect rather than a memory-corruption or privilege-escalation vector.

Potential Impact

For European organizations relying on Linux-based systems, especially those running custom or specific kernel versions affected by this flaw, the vulnerability poses risks primarily to system stability and availability. Servers, cloud infrastructure, and embedded systems using the affected Linux kernel versions may experience scheduler deadlocks or livelocks, leading to CPU resource starvation and potential system hangs or crashes. This can disrupt critical services, degrade performance, and increase downtime. While the vulnerability does not directly lead to confidentiality or integrity breaches, the availability impact can be significant for high-availability environments such as financial institutions, telecommunications providers, and critical infrastructure operators common in Europe. Systems running containerized workloads or real-time applications may be particularly sensitive to scheduler anomalies. Since no known exploits exist yet, the immediate risk is moderate, but unpatched systems remain vulnerable to stability issues that could be triggered under specific workload conditions. The complexity of the issue means that detection may be difficult without detailed kernel tracing or monitoring, increasing the risk of unnoticed degradation in system performance.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions that include the fix for CVE-2025-21897, i.e. the patch that checks the SCX_TASK_QUEUED flag on @prev before keeping it running. Kernel maintainers and distributors should release and deploy updated kernel packages promptly. Organizations that build their own kernels should integrate the upstream fix; note that a6250aa251ea is the commit that introduced the flawed workaround, so the fix is the later commit that corrects it. Additionally, system administrators should monitor CPU scheduling behavior and system load for anomalies such as unexpected CPU busy loops or deadlocks; kernel tracing tools (e.g., ftrace, perf) can help identify symptoms related to this vulnerability. In environments where immediate patching is not feasible, workload scheduling policies can be adjusted to reduce the likelihood of triggering the bug, for example by limiting highly concurrent or CPU-intensive tasks that stress the scheduler. Finally, robust system backups and failover mechanisms will mitigate the impact of potential system hangs or crashes caused by this issue.
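Before a patched kernel is available, a defender's first question is whether a host can reach the affected code path at all. The following POSIX shell check is an added example, not code from this page or from the kernel project: it reports whether the running kernel was built with sched_ext (CONFIG_SCHED_CLASS_EXT) and whether a BPF scheduler is currently loaded, on the reasoning (mine, not stated on the page) that pick_task_scx() is only reached for tasks on the sched_ext class, which requires a loaded sched_ext scheduler. The kernel config path and the /sys/kernel/sched_ext/state sysfs file are assumptions of this example and are therefore parameters, so the functions can also be exercised against constructed files.

```shell
#!/bin/sh
# Added example: classify a host's exposure to CVE-2025-21897 by checking
# whether sched_ext is compiled in and whether a BPF scheduler is loaded.
# Default paths below are assumptions (usual locations on distribution
# kernels), not values taken from the advisory.

# Returns 0 if the kernel config enables sched_ext (CONFIG_SCHED_CLASS_EXT=y),
# 1 otherwise (option absent, "is not set", or file unreadable).
scx_built_in() {
    cfg="${1:-/boot/config-$(uname -r)}"
    [ -r "$cfg" ] || return 1
    grep -q '^CONFIG_SCHED_CLASS_EXT=y' "$cfg"
}

# Prints the sched_ext state string from sysfs ("disabled", "enabling",
# "enabled", "disabling"), or "unavailable" if the file cannot be read.
# Always returns 0 so callers can use it in command substitution.
scx_state() {
    state_file="${1:-/sys/kernel/sched_ext/state}"
    if [ -r "$state_file" ]; then
        cat "$state_file"
    else
        echo unavailable
    fi
}

# Combines both checks into a single verdict:
#   not-exposed  sched_ext not built in, so pick_task_scx() can never run
#   dormant      built in, but no BPF scheduler loaded; exposed once one is
#   active       a BPF scheduler is loaded (or being loaded/unloaded), so
#                tasks can currently be on SCX
scx_exposure() {
    cfg="$1"
    state_file="$2"
    if ! scx_built_in "$cfg"; then
        echo not-exposed
        return 0
    fi
    case "$(scx_state "$state_file")" in
        enabling|enabled|disabling) echo active ;;
        *) echo dormant ;;
    esac
}

# Usage on a live host (uses the default paths):
#   scx_exposure "" ""
```

A "dormant" result still warrants patching, since any later load of a sched_ext scheduler (for example by a container or workload manager that ships one) moves the host to "active"; the verdict is a prioritisation aid, not a substitute for the kernel update.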


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-12-29T08:45:45.783Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9833c4522896dcbe8b43

Added to database: 5/21/2025, 9:09:07 AM

Last enriched: 6/30/2025, 10:26:49 AM

Last updated: 8/1/2025, 6:17:43 PM
